052f031ce3e09e967c021213aa028585c5157c3724bf1ed36eed488b435585da

Analysis

max time kernel
19s
max time network
130s
platform
android_x86
resource
android-x86-arm-20240624-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20240624-enlocale:en-usos:android-9-x86system
submitted
08-07-2024 00:54

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

base.apk
Size

2.8MB
MD5

bc03807f90300ed384aa3fbe462b5819
SHA1

d7654d4cd34105c704288b378d3ad708f0a0872d
SHA256

052f031ce3e09e967c021213aa028585c5157c3724bf1ed36eed488b435585da
SHA512

6b7c5d1b3d6d134dd96bb59665abca96a65ad6a2edc0c301c574ec1cba1ebecf4602395a97c629655772f58ebe22bc7cf0266cf71738f6da6a4a8552097a4ad9
SSDEEP

49152:7PSe9096pV6rX+Q1VpBaHoIkoo59X9SABZ+nm98mFBXAwtWk0ESkbU25q:7qe9b2rX+QFMIIkh9tSABAngW6rq

Score

6^/10

discovery persistence

Malware Config

Signatures

Acquires the wake lock 1 IoCs

Processes:

X.God.X

description	ioc	Process
Framework service call	android.os.IPowerManager.acquireWakeLock	X.God.X

Queries information about active data network 1 TTPs 1 IoCs

discovery

System Network Connections Discovery

T1421

Processes:

X.God.X

description	ioc	Process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	X.God.X

Queries the mobile country code (MCC) 1 TTPs 1 IoCs

discovery

System Network Configuration Discovery

T1422

Processes:

X.God.X

description	ioc	Process
Framework service call	com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone	X.God.X

Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs

persistence

Broadcast Receivers

T1624.001

Processes:

X.God.X

description	ioc	Process
Framework service call	android.app.IActivityManager.registerReceiver	X.God.X

Checks memory information 2 TTPs 1 IoCs

System Checks

T1633.001

System Information Discovery

T1426

Processes:

X.God.X

description	ioc	Process
File opened for read	/proc/meminfo	X.God.X

X.God.X
1⤵
- Acquires the wake lock
- Queries information about active data network
- Queries the mobile country code (MCC)
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Checks memory information
PID:4264

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Event Triggered Execution

T1624

Broadcast Receivers

T1624.001

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

T1633

System Checks

T1633.001

Credential Access

Discovery

System Information Discovery

T1426

System Network Configuration Discovery

T1422

System Network Connections Discovery

T1421

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/X.God.X/databases/google_app_measurement_local.db

Filesize
16KB

MD5
4612b66728e4cde322a3a07dc220e9bb

SHA1
53a8609583bc7c585a19b560222b839e667a0fa4

SHA256
b1a4a15a8daa42de013b59fa7a74ad0c79635e241a0cd451474b07fe412cdf74

SHA512
78618ec88a4648312a1595220f9d7ae51e811f6c65b1f1b781fc4b13bbbba3f0d660c2058bfdd9eb5296842af96d629141c489ff17650fb88e6818ee2611fc1e

Download Submit
/data/data/X.God.X/databases/google_app_measurement_local.db

Filesize
16KB

MD5
df1bc5b9d218f44cb924c59a63385283

SHA1
6f22c2f369444f2e5560fadd9528184dd8f9e117

SHA256
19b9f2a35d412f783ecdc8ec245316207a21144cca07b772f6326bfd7571c07b

SHA512
5e51778c1a4d6cbabd16698f304fd9ccc403c49b7d3c73a529c6b83b5a84907e0bbcb2de51f38561dc44d879239953d2003d2ab4744ca38a79c8a1127663745a

Download Submit
/data/data/X.God.X/databases/google_app_measurement_local.db

Filesize
16KB

MD5
c003a1b1fe2440a1d5e644187f5e8e0d

SHA1
e379bf4fb98db288f5655e843105736cd28fe3eb

SHA256
3654948d1f1ed95fb510720dc526a181b8e0944b99d5dda27f65347428c6cd9b

SHA512
fd603a5ea92c7812524d060de8f169709c3e45a07b1c244322e1433cde7f32b48e1a2a20e5673dc4602d29bfe509c1f8700a5bf09646866a8cd8d78bf3f3a0ec

Download Submit
/data/data/X.God.X/databases/google_app_measurement_local.db

Filesize
16KB

MD5
c00524dc30727c6bf29e8bc82964214b

SHA1
b72b3ad3487d45db3b69165a7bd0aade60b65859

SHA256
85595d6d436ad0f62c3880525cd46b8e50d0fe420e869624826175218238c363

SHA512
d393ba9e03ec9b950e6b4bfe45028da70d5e65a64c3759e1fe266ef2eb6649d2b512125be83299699caeec3bf88c2066c3ee533b8b8b36e08e341b84ee3626ac

Download Submit
/data/data/X.God.X/databases/google_app_measurement_local.db

Filesize
16KB

MD5
3e881d9a01ca707bed38018ac69f4518

SHA1
5820f9351d7cc8082de6e5686eb9f8fedf6fb830

SHA256
4a5bf9bfe9b032546f886dd5fe6717de78716734aaadab620c0444ed6df5151c

SHA512
8f0395c94b3a449f3c61e7117f400c7b8a12c23d3655be6772bce2c8aa0ec8d8be8000c5cd2c6e10b334ef54a4add5583717393c3239da80c334c45b8b392db8

Download Submit
/data/data/X.God.X/databases/google_app_measurement_local.db

Filesize
16KB

MD5
7237409e0640cfab7bdbd429bf821a3b

SHA1
4c3da934842f8d4835dfe2a9c275a300e5123309

SHA256
5c8e1b63d187efafe1e09bfadd83fd360176d689b57b5a0cc40e6854c12449fa

SHA512
c8afaf6a8ee43ce3601feff417bfaec563c01bcff0aae24577054034112b2020967f25b0b1a919c3c9e5e81d62a21a87e908b782c4d5cb8bba8ac259108e9c1f

Download Submit
/data/data/X.God.X/databases/google_app_measurement_local.db-journal

Filesize
512B

MD5
e3afd05affa5e8811582c8119988c850

SHA1
6cd6fa81914c1fc72e1a0a8ea4381472345a9581

SHA256
b5e1a4bcd590fb5c9a4443e310f87897f4e28fbeedc228c98b4d1383dfc74e93

SHA512
c27b215bf637f3907b0b6815826d216216d64ea935bef9bc580bb85ee3affb5601efef0eaedafaadb541dc2557c7bfdaa0495ec0936ebf0cc99e0ee6c1625e45

Download Submit
/data/data/X.God.X/databases/google_app_measurement_local.db-shm

Filesize
32KB

MD5
bb7df04e1b0a2570657527a7e108ae23

SHA1
5188431849b4613152fd7bdba6a3ff0a4fd6424b

SHA256
c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479

SHA512
768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

Download Submit
/data/data/X.God.X/databases/google_app_measurement_local.db-wal

Filesize
4KB

MD5
e5ae04b8315c95cc4dad6f7f6a424164

SHA1
3aea971339c6e4528c498ac921e41b48c984c8a5

SHA256
8c0abdd2fef9c3eb089b4af9b4730f2df794953525d2648b6d8282dc76ef91fe

SHA512
9f8f93af8c608adc46cf3d81026f78e9892c4eb28be5fa5f835ace05a3aa3c965e67a7248c2dda3d6966e2e905d91252033477c9d1776987d8c9790ceb6d6ca7

Download Submit
/data/data/X.God.X/databases/google_app_measurement_local.db-wal

Filesize
4KB

MD5
3147ea7c526274341d1f3d540b1cc47d

SHA1
3c602fbe08dbb5d88c6ad3df91313fd0bf747e71

SHA256
ac3bc5ccf6c53b6bbeefc14a793d845c54f189aa27c492939f90604a7a456ece

SHA512
d92b5507e71d5a5b03ddc4da55575496811dcbad287b6f4435718f89b2c0e5db499b0c54ca238eb486f11055c3d22d1e31c30b503a2533fc2478c83dbe1615e0

Download Submit
/data/data/X.God.X/databases/google_app_measurement_local.db-wal

Filesize
4KB

MD5
46d2f7a10f17c3c68032cdf918555f3b

SHA1
af0c92a7154ddc0972b3ddaf03ff4f11fcdb463d

SHA256
39869972fc8e310ffe6b45a4672a0efa36354e68336030bfdde73acbc5dccc4a

SHA512
f062da1ab0aa694d1ab36cb32d495cad7d05c814204b9f11673c71b61fe2cca84ea562629ad0611ce5ea64980cb9c36662bb38899e5d11e4e92f3d1a1cebf726

Download Submit
/data/data/X.God.X/databases/google_app_measurement_local.db-wal

Filesize
4KB

MD5
67fd42d0ba92a9e77013f3f79ccc84cf

SHA1
ecb13183a45095c7314916f2e270b1d626628a76

SHA256
bdf6a9063b794e1ce30aa42c73d3a38ffd74ff0204487455a461909f4f9a6243

SHA512
9c94207ce53aed5574c80f6abf453deb4f4107c576323ac4407d14d03f60c6d40aa6c7b521904ba93b2ddb2aa7e8e1d55fc035990af2931fa7e8c76fa0923c1c

Download Submit
/data/data/X.God.X/databases/google_app_measurement_local.db-wal

Filesize
4KB

MD5
d829e95e3e96077508b1778af0eb2ef6

SHA1
9790370e0fa0ac92c026ebe27b82c0683a190090

SHA256
cc4d7ff9682102e2b9de5913288b89463a64ba05190b25b1b8607400c9a46f6d

SHA512
5823173fbf6c4d8fb1c0d375b19cf2e8d6e92ca5bca6deaa411ad1149e2eb8791ce97e17d92361a971aadecb0393890dc2202fd26a631c350d142ecd029a2a1e

Download Submit
/data/data/X.God.X/databases/google_app_measurement_local.db-wal

Filesize
36KB

MD5
f042d5ec8f3a577e52750accecc2d06a

SHA1
c476a10d8db5acd8079ee32356e38bd1a34bde4a

SHA256
be573f45a02df40ab8f77bbb1cd6e9b1a99881e79dd5ad2f6bf983af587fe457

SHA512
1b2f396ca7b4ed40b37806deaf10d039bbd855dc1144adc5d974ba6db0c50f527886416697f76ae454f5cbba9bf55b0b8a3eb18f34e9ac85f0a63a187f7f85dc

Download Submit
/data/data/X.God.X/files/PersistedInstallation4481229923524689440tmp

Filesize
90B

MD5
1be681530acfe1e8204ccec75dcc914b

SHA1
8a518b84a74fc8924a1bd76c5c947a3ae35b4dcf

SHA256
dfecf2908b88369e4aa15b24e782e23a5ecaf117232efc8ed80ebb15cb095a69

SHA512
7d53982ff2e72e79fccd50826029c98f18f007bd3bff17179fd301f9408f45e3738485fff07c05e91dd201f1caea518697fc1d28cb8faa8e9506acd3df2734dc

Download Submit
/data/data/X.God.X/files/PersistedInstallation830067652500144864tmp

Filesize
567B

MD5
f734f927afcac9bce70448674e8e3609

SHA1
3643263bc029256f33b3e7f055522261f9a0bdfc

SHA256
5e4566a419c7b8135dceed2c2d8a3ad3906abb1e63f8600283256bca9d1f0893

SHA512
6e30387dc5ba146f0099f68e4668522c43d019b6fe53e5372a67dcd9beab3122fd5fad6e0db00748198fb88e4754dbefa3fe28bfce547a3f0e52f761eb697268

Download Submit